Description of problem:

stunnel needs updating to Version 4.50, 2011.12.03

* Bugfixes
  - Fixed internal memory allocation problem in inetd mode.
  - POP3 server-side protocol negotiation updated to report STLS capability

It would be nice if someone could make the /etc/stunnel/stunnel.conf and rpm install run in a chroot environment like bind/named. :)

Verizon.net is changing to pop3s connection port 995. postfix users will need stunnel to make the outgoing connection.

Guessing Release 1 users would like a /etc/init.d/stunnel script.

Would not hurt to provide a /lib/systemd/system/stunnel.service file. This is working for me, but should be verified since this is my first systemd service attempt.

[Unit]
Description=SSL tunnel for network daemons
After=syslog.target

[Service]
PIDFile=/var/run/stunnel/stunnel.pid
StandardError=syslog
EnvironmentFile=/etc/stunnel/stunnel.conf
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
Type=forking

[Install]
WantedBy=multi-user.target

(In reply to comment #0)
>
> It would be nice if someone could make the /etc/stunnel/stunnel.conf
> and rpm install run in a chroot environment like bind/named. :)

Would not hurt to have rpm package create the chroot directory.

I was able to get it to run chroot'ed by moving setuid/uid commands below "pid =".
Also changed chroot to /var/run/stunnel and set "client = no" for extra security.

My working conf file has these settings:

$ grep -v ';' /etc/stunnel/stunnel.conf | uniq
sslVersion = SSLv3
chroot = /var/run/stunnel/
pid = /stunnel.pid
setuid = nobody
setgid = nogroup
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = no
[smtp-tls-wrapper]
accept = 11125
client = yes
connect = outgoing.verizon.net:465
CC: (none) => mageia
Only way I was able to get the set uid/gid to work was to chmod 777 /var/run/stunnel.

For the permissions to survive a reboot I created stunnel_prestart.sh and added a call to it in /lib/systemd/system/stunnel.service with

ExecStartPre=/local/bin/stunnel_prestart.sh

$ grep -v \# stunnel_prestart.sh
mkdir -p /var/run/stunnel
chmod 777 /var/run/stunnel
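
Added example, not part of the thread or of the stunnel package: a prestart helper that hands the chroot directory to the account stunnel drops to (mode 0750) instead of making it world-writable, plus a check that flags a world-writable jail named in stunnel.conf. It assumes the directory only has to be writable by the setuid account; the function names are hypothetical, and the path and account names are the ones quoted in the comments above.

```shell
#!/bin/sh
# Added example (not from the thread). Path and account names are the ones
# quoted above; the function names are hypothetical.

# Print a global option's value (options before the first [service] section).
conf_get() {  # conf_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*\[/   { exit }            # first service section ends globals
        /^[ \t]*[;#]/ { next }            # comment line
        index($0, "=") == 0 { next }      # not an option line
        { k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
          if (k == key) { val = substr($0, index($0, "=") + 1)
                          gsub(/^[ \t]+|[ \t]+$/, "", val) } }
        END { if (val != "") print val }' "$1"
}

# Succeeds when DIR is a directory writable by "other" (o+w, sticky or not).
world_writable() {
    [ -n "$(find "$1" -prune -type d -perm -0002 2>/dev/null)" ]
}

# Create the jail for the account stunnel drops to: owner-only write, no o+w.
prepare_jail() {  # prepare_jail DIR USER GROUP
    mkdir -p "$1" || return 1
    # chown needs root; systemd runs ExecStartPre= as root unless User= is set.
    if [ "$(id -u)" -eq 0 ]; then chown "$2:$3" "$1" || return 1; fi
    chmod 0750 "$1"
}

# Audit: 0 = jail not world-writable, 1 = world-writable,
#        2 = no chroot option, or the directory does not exist.
audit_conf() {  # audit_conf FILE
    jail=$(conf_get "$1" chroot)
    [ -n "$jail" ] && [ -d "$jail" ] || { echo "no usable chroot in $1"; return 2; }
    if world_writable "$jail"; then
        # Any local account could create, replace or delete files in the
        # jail, the pid file included.
        echo "world-writable jail: $jail"; return 1
    fi
    echo "ok: $jail"
}

# Prestart usage: prepare_jail /var/run/stunnel nobody nogroup
# Audit usage:    audit_conf /etc/stunnel/stunnel.conf
```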
Source RPM: stunnel => stunnel-4.34-3.mga1.src.rpm
Hi,

This bug was filed against cauldron, but we do not have cauldron at the moment.

Please report whether this bug is still valid for Mageia 2.

Thanks :)

Cheers,
marja
Keywords: (none) => NEEDINFO
(In reply to comment #3)
> Please report whether this bug is still valid for Mageia 2.

Yes.
Keywords: NEEDINFO => (none)
Keywords: (none) => Junior_job
Whiteboard: (none) => MGA2TOO
Thanks for the report. This package is unmaintained. Would you be interested in becoming a packager and fixing this package? It also has a security vulnerability, CVE-2011-2940: http://lwn.net/Vulnerabilities/484778/
Component: RPM Packages => Security
Summary: 2_a2: stunnel needs updating to Version 4.50, 2011.12.03 => 2_a2: stunnel needs updating to Version 4.50, 2011.12.03 (also CVE-2011-2940)
URL: (none) => http://lwn.net/Vulnerabilities/484778/
CC: (none) => luigiwalser
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=4223
I just updated the cauldron package to 4.53, and added your systemd unit file. For the other changes, feel free to apply for a maintainer account, as suggested by David.
CC: (none) => guillomovitch
Version: Cauldron => 2
Whiteboard: MGA2TOO => MGA1TOO
If you're rebuilding stunnel anyway, you could take a look at the other problems in bug #4223.
CC: (none) => dan
I just backported 4.53-3.mga2 from cauldron to update_testing.
Thanks Guillaume. Mageia 1 needs the update too. I'll push this to QA when that's available.
SRPM for Mageia 2: stunnel-4.53-3.mga2.src.rpm
Installation failed: file /usr/lib64/libstunnel.so from install of stunnel-4.53-3.mga2.x86_64 conflicts with file from package lib64stunnel0-4.34-3.mga1.x86_64
CC: (none) => davidwhodgins
The files in libstunnel0 were moved back into the main stunnel package, since they aren't used by anything outside of stunnel itself. I guess the stunnel package needs to Obsolete the old libs.
Upon further inspection, the security issue only affects 4.40 and 4.41, so this is just a regular bug.
Component: Security => RPM Packages
Depends on: (none) => 4223
Summary: 2_a2: stunnel needs updating to Version 4.50, 2011.12.03 (also CVE-2011-2940) => 2_a2: stunnel needs updating to Version 4.50, 2011.12.03
Keywords: Junior_job => (none)
URL: http://lwn.net/Vulnerabilities/484778/ => (none)
(stunnel is in 4.53 in mga2 since the update of today https://bugs.mageia.org/show_bug.cgi?id=4223)
Whiteboard: MGA1TOO => (none)
Summary: 2_a2: stunnel needs updating to Version 4.50, 2011.12.03 => stunnel needs updating to Version 4.50, 2011.12.03
Version: 2 => 1
This message is a reminder that Mageia 1 is nearing its end of life. In approximately 25 days from now, Mageia will stop maintaining and issuing updates for Mageia 1. At that time this bug will be closed as WONTFIX (EOL) if it remains open with a Mageia 'version' of '1'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Mageia version prior to Mageia 1's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Mageia 1 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Mageia, you are encouraged to click on "Version" and change it against that version of Mageia.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Mageia release includes newer upstream software that fixes bugs or makes them obsolete.

--
Mageia Bugsquad

Mageia 1 changed to end-of-life (EOL) status on 1st December. Mageia 1 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Mageia, please feel free to click on "Version", change it against that version of Mageia and reopen this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

--
Mageia Bugsquad
Status: NEW => RESOLVED
Resolution: (none) => WONTFIX